Use tempfile instead of tempdir #16

Merged
richardwhiuk merged 1 commit from tempfile into master 2023-03-19 12:20:33 +13:00
richardwhiuk commented 2023-03-16 03:45:28 +13:00 (Migrated from github.com)

tempdir is deprecated in favour of tempfile, and all of the function is available in tempfile 3.0.

In addition, tempdir depends on remove_dir_all, which suffers from a TOCTOU vulnerability in the version tempdir uses.

See github.com/XAMPPRocky/remove_dir_all@7247a8b6ee for details on the vulnerability.

tempdir is deprecated in favour of tempfile, and all of the function is available in tempfile 3.0. In addition, tempdir depends on remove_dir_all, which suffers from a TOCTOU vulnerability in the version tempdir uses. See https://github.com/XAMPPRocky/remove_dir_all/commit/7247a8b6ee59fc99bbb69ca6b3ca4bfd8c809ead for details on the vulnerability.
richardwhiuk commented 2023-03-21 20:47:50 +13:00 (Migrated from github.com)

@mikedilger Is it possible to get a release with this change in it?

@mikedilger Is it possible to get a release with this change in it?
mikedilger commented 2023-03-22 17:28:11 +13:00 (Migrated from github.com)

I've pushed a 0.6.1 with all the fixes.

Version 0.7 probably coming soon with upgraded dependencies in incompatible ways.

I've pushed a 0.6.1 with all the fixes. Version 0.7 probably coming soon with upgraded dependencies in incompatible ways.
Sign in to join this conversation.
No reviewers
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
mikedilger/mime-multipart!16
No description provided.